SQL Injection Vulnerabilities in Advantech iView Software
CVE-2020-14497

9.8 CRITICAL

Key Information:

Vendor: Advantech
CVE Published: 15 July 2020

Summary

Advantech iView software versions 5.6 and earlier are susceptible to multiple SQL injection vulnerabilities. These flaws allow an attacker to manipulate SQL queries through user-controlled strings, potentially leading to unauthorized access to sensitive data, including user credentials. Exploiting these vulnerabilities could enable an attacker to read or modify critical information and execute code remotely, thus posing significant risks to data integrity and confidentiality.

Affected Version(s)

Advantech iView Versions 5.6 and prior

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
